Re: I-D ACTION:draft-ietf-pkix-rfc3280bis-03.txt
"David A. Cooper" <david.cooper@nist.gov> Thu, 25 May 2006 00:01 UTC
Message-ID: <4474D84C.6040409@nist.gov>
Date: Wed, 24 May 2006 18:03:56 -0400
From: "David A. Cooper" <david.cooper@nist.gov>
To: pkix <ietf-pkix@imc.org>

All,

Draft 3 of 3280bis contains minor changes from draft 2. A diff file highlighting the changes is available at http://csrc.nist.gov/pki/documents/PKIX/draft3280bis-02todraft3280bis-03_diff.html.

Draft 3 includes the following changes:

1. Section 1 now highlights the changes between 3280 and 3280bis rather than between 2459 and 3280.

2. Modifications were made in sections 4.1.2.4 and 4.1.2.6 to align with draft-ietf-pkix-cert-utf8-03.txt.

2. Section 4.2.1.10 includes a reference to draft-ietf-pkix-srvsan-01.txt as an example of another document that specifies rules for name constraints.

3. Changes to section 4.2.1.12 were made to clarify that applications may require the presence of a specific OID in the extended key usage extension.

4. In section 4.2.1.13 the requirement for file names specified in an HTTP URI to have a ".crl" extension was removed.

5. References to PEM in sections 6 and 6.2 were removed since the text in section 6.2 was incorrect and there did not seem to be a compelling reason to correct the text rather than simply removing it.

6. In section 6.1.1 item (d) and section 6.1.2 item (j), the text describing the source of trust anchor information was clarified.

7. In section 6.1.3, item (c): replaced "one" with "any".

8. The description of Figure 7 in section 6.1.3 after item (d)(3) was modified for clarity.

9. Section 6.3.3 item (f): Added a sentence noting that trust anchor for CRL certification path must be same as certification path for target certificate (as was already stated in the Security Considerations section).

10. Added paragraphs to Security Considerations section about the risk of circular dependencies in AIA, SIA, and CDP extensions.

11. Added paragraph to Security Considerations section about risks involving names with similar visual representations.

11. Appendix C: Clarified that string representations of DNs follow RFC 2253 formatting rules.

A number of spelling errors were also corrected and a few changes were made to correct some ID-nits.

Dave

Internet-Drafts@ietf.org wrote:

>A New Internet-Draft is available from the on-line Internet-Drafts directories.
>This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.
>
>    Title     : Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
>    Author(s) : D. Cooper, et al.
>    Filename  : draft-ietf-pkix-rfc3280bis-03.txt
>    Pages     : 141
>    Date      : 2006-5-24
>
>This memo profiles the X.509 v3 certificate and X.509 v2 Certificate
>Revocation List (CRL) for use in the Internet. An overview of this
>approach and model are provided as an introduction. The X.509 v3
>certificate format is described in detail, with additional
>information regarding the format and semantics of Internet name
>forms. Standard certificate extensions are described and two
>Internet-specific extensions are defined. A set of required
>certificate extensions is specified. The X.509 v2 CRL format is
>described in detail, and required extensions are defined. An
>algorithm for X.509 certification path validation is described. An
>ASN.1 module and examples are provided in the appendices.
>
>A URL for this Internet-Draft is:
>http://www.ietf.org/internet-drafts/draft-ietf-pkix-rfc3280bis-03.txt